chore: enable policy exceptions by default (#8545)

Signed-off-by: Mariam Fahmy <mariam.fahmy@nirmata.com>
2025-03-31 03:45:17 +00:00 · 2023-09-27 20:40:13 +03:00 · 2023-09-27 20:40:13 +03:00 · b80963374f
commit b80963374f
parent 482c243517
5 changed files with 7 additions and 6 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -13,6 +13,7 @@
 - Added `--aggregateReports` flag for reports controller to enable/disable aggregated reports (default value is `true`).
 - Added `--policyReports` flag for reports controller to enable/disable policy reports (default value is  `true`).
 - Renamed CLI flag `--compact` to `--detailed-results` (and changed default value from `true` to `false`).
 - Changed the default value of `--enablePolicyException` from `false` to `true`.
 ## v1.10.0
--- a/charts/kyverno/README.md
+++ b/charts/kyverno/README.md
@ -308,7 +308,7 @@ The chart values are organised per component.
 | features.logging.format | string | `"text"` | Logging format |
 | features.logging.verbosity | int | `2` | Logging verbosity |
 | features.omitEvents.eventTypes | list | `[]` | Events which should not be emitted (possible values `PolicyViolation`, `PolicyApplied`, `PolicyError`, and `PolicySkipped`) |
-| features.policyExceptions.enabled | bool | `false` | Enables the feature |
+| features.policyExceptions.enabled | bool | `true` | Enables the feature |
 | features.policyExceptions.namespace | string | `""` | Restrict policy exceptions to a single namespace |
 | features.protectManagedResources.enabled | bool | `false` | Enables the feature |
 | features.registryClient.allowInsecure | bool | `false` | Allow insecure registry |
--- a/charts/kyverno/values.yaml
+++ b/charts/kyverno/values.yaml
@ -425,7 +425,7 @@ features:
      # - PolicySkipped
  policyExceptions:
    # -- Enables the feature
-    enabled: false
+    enabled: true
    # -- Restrict policy exceptions to a single namespace
    namespace: ''
  protectManagedResources:
--- a/cmd/internal/flag.go
+++ b/cmd/internal/flag.go
@ -89,7 +89,7 @@ func initKubeconfigFlags(qps float64, burst int) {
 func initPolicyExceptionsFlags() {
 	flag.StringVar(&exceptionNamespace, "exceptionNamespace", "", "Configure the namespace to accept PolicyExceptions.")
-	flag.BoolVar(&enablePolicyException, "enablePolicyException", false, "Enable PolicyException feature.")
+	flag.BoolVar(&enablePolicyException, "enablePolicyException", true, "Enable PolicyException feature.")
 }
 func initConfigMapCachingFlags() {
--- a/config/install-latest-testing.yaml
+++ b/config/install-latest-testing.yaml
@ -42328,7 +42328,7 @@ spec:
            - --generateValidatingAdmissionPolicy=false
            - --loggingFormat=text
            - --v=2
-            - --enablePolicyException=false
+            - --enablePolicyException=true
            - --protectManagedResources=false
            - --allowInsecureRegistry=false
            - --registryCredentialHelpers=default,google,amazon,azure,github
@ -42474,7 +42474,7 @@ spec:
            - --enableDeferredLoading=true
            - --loggingFormat=text
            - --v=2
-            - --enablePolicyException=false
+            - --enablePolicyException=true
          env:
          - name: KYVERNO_SERVICEACCOUNT_NAME
            value: kyverno-background-controller
@ -42711,7 +42711,7 @@ spec:
            - --enableDeferredLoading=true
            - --loggingFormat=text
            - --v=2
-            - --enablePolicyException=false
+            - --enablePolicyException=true
            - --reportsChunkSize=1000
            - --allowInsecureRegistry=false
            - --registryCredentialHelpers=default,google,amazon,azure,github